Abstract

Abstract

23rd SRA-Europe Annual Meeting on Analysis and Governance of Risks Beyond Boundaries -- 2014 -- Istanbul, TURKEY WOS: 000383448000005 Airports are critical infrastructures entailing intense human, commercial and economic activity. As such, they are preferred targets for criminal and terrorist groups, who are attracted by the promisingly high revenues they might get from an attack. Every year, airport authorities worldwide have to face, with limited resources, attacks arising from different adversaries. There are several sensible areas within an airport organization that are especially vulnerable to the terrorist threat, including, among others: (1) those related to human lives (of passengers or staff); (2) airport infrastructure (airport perimeter, main terminal, Air Traffic Control Tower, runways, hangars, etc.); (3) aircrafts and other ground vehicles; and (4) IT systems and services. Besides the more traditional ones, we are particularly concerned with attacks launched against the last type of targets, an emerging and increasingly worrisome threat. Specifically, we analyze the impact of cyber-attacks launched by organized groups whose main goal is to take hold of airport operations. In some cases, in order to have more chances to achieve their purpose (and take advantage of its eventual success), cyber attackers may be backed up by a terrorist group who will try to interfere with the Air Traffic Management network. In this paper, we aim at supporting airport authorities in their fight against both threats, by devising a security allocation plan. We provide an adversarial risk analysis model to address the problem, and apply it to obtain the optimal portfolio of preventive measures in an illustrative case study. The model is open to extensions, as e.g. larger and more complex technical infrastructures, new threats, or additional recovery measures deployed by different defensive agents. SRA Europe European Union [285223]; Spanish Ministry of Economy and Innovation Program [MTM2011-28983-C03-01]; AXA-ICMAT Chair on Adversarial Risk Analysis; ESF Cost Action on Expert Judgment [IS1304] This work has been partly funded by the European Union's 7th Framework Programme under grant agreement no 285223 - SECONOMICS. Work has been also supported by the Spanish Ministry of Economy and Innovation Program MTM2011-28983-C03-01, the AXA-ICMAT Chair on Adversarial Risk Analysis and the ESF Cost Action IS1304 on Expert Judgment.